Saturday, April 12, 2014

Heartbleed bug exposes passwords

Internet security experts are scrambling to assess the extent of the breach caused by a massive bug called Heartbleed in the OpenSSL technology that runs encryption for two-thirds of the web and went unnoticed for two years until last week. A newly discovered bug in software supposed to provide extra protection for thousands of the world's most popular websites has exposed highly sensitive information such as credit card numbers, usernames, and passwords, security researchers said. The discovery of the bug, known as Heartbleed, has caused several websites to advise their users to change their passwords. "This might be a good day to call in sick and take some time to change your passwords everywhere - especially your high-security services like email, file storage, and banking, which may have been compromised by this bug," Tumblr wrote in a note to its many users. "The little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit." Yahoo, the owner of Tumblr, confirms that its users' passwords have been compromised. The bug was discovered late last week in the OpenSSL technology that runs encryption for two-thirds of the Internet. <more>